Author Topic: SECURITY FIX! Users using any version prior to 1.5.1  (Read 49300 times)
lilb
Noobie
*
Posts: 29


Never mess with a 5foot2 redheaded Sicilian!


Re:The Boys from Brazil
« Reply #165 on: February 26, 2003, 01:36:25 PM »

Looking around at the Nuke community and they too have been hacked by a group of hackers in brazil. Looking for NeoNazis? I thought all of the NeoNazis migrated to Brazil? There's a good discussion on http://www.computercops.biz/ and one guy just decided to update his .htaccess file to deny all of Brazil. I like that idea, because it appears from the thread that the offenders have the cooperation of their hosting IP.

damn.. i never knew that was possible. anyone have a reference they can point me to on this? i have an ex-member i'd like to stop browsing the board full-stop.
Overseer, I thought ya might find the following information useful...always glad to help out when I can.   ;)

Wanna stop file grabbing and email sucking bots?  add this to your .htaccess file:

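AuthUserFile /dev/null
AuthGroupFile /dev/null
RewriteEngine On
# One RewriteCond per bot. Every condition except the last carries [OR];
# a trailing [OR] on the last one lets the rule apply even when no condition matched.
RewriteCond %{HTTP_USER_AGENT} ^.*NameOfBotProgramHere.*$
RewriteRule /*$ http://botssuck!/index.html [L,R]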


to deny by country:
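# A full URL here makes Apache answer with a redirect instead of the 403 status.
ErrorDocument 403 http://whereveryousendyour403's/index.htm
# No <Limit GET> wrapper: inside it the rules would cover GET (and HEAD) only
# and leave POST and other methods open.
# "deny from .countrycode" matches the client's reverse-DNS hostname, so
# clients without such a hostname are not caught.
order allow,deny
allow from all
deny from .countrycode
deny from .countrycode
deny from .countrycode
deny from .countrycode
ErrorDocument 404 http://whereveryousendyour404's/index.html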


As for banning by IP, you can do it the same way as with the countrycodes, but I do believe you'll find that in your admin console.  (But, careful when ya do that...we accidentally banned an entire C class of IP's...oops, hehe!)  Also keep in mind that large .htaccess files put a heavy strain on the server's cpu...

Hope this helps!   8)

Logged
Overseer
Sr. Member
****
Posts: 455



Re:SECURITY FIX! Users using any version prior to 1.5.1
« Reply #166 on: February 26, 2003, 01:50:34 PM »

wow  :)

* Overseer rubs hands with glee.

.. damn where the devil smiley at? ;)
Logged

I learned that from the G's, a G is an Overseer, the Overseer sees.
More than you do 'cause he gets experienced - Snoop on Daz's OG

Supreme exalted, universal leader, Descendent of the kings and queens, the Overseer
The overlord, cream of the crop, creme de la creme - Gang Starr  Royalty
lilb
Noobie
*
Posts: 29


Never mess with a 5foot2 redheaded Sicilian!


Re:SECURITY FIX! Users using any version prior to 1.5.1
« Reply #167 on: February 27, 2003, 01:34:22 AM »

ya mean something like this one?    LOL!
Logged
Chris Cromer
The Strange One
Mod Team
YaBB God
*****
Posts: 3152


I am just a figment of your imagination.


WWW
Re:SECURITY FIX! Users using any version prior to 1.5.1
« Reply #168 on: February 27, 2003, 01:42:53 AM »

There is a hidden smilie built into SE. Type in certain characters and it appears:

 >:D
Logged

Chris Cromer

I am not suffering from insanity, I am enjoying every minute of it.
lilb
Noobie
*
Posts: 29


Never mess with a 5foot2 redheaded Sicilian!


Re:SECURITY FIX! Users using any version prior to 1.5.1
« Reply #169 on: February 27, 2003, 02:00:11 AM »

ahhh, and my curiosity is now piqued...
Logged
Jeff Lewis
Global Moderator
YaBB God
*****
Posts: 10149


I'm a llama!


WWW
Re:SECURITY FIX! Users using any version prior to 1.5.1
« Reply #170 on: February 27, 2003, 07:00:53 PM »

Yep again, a way to stop that spider searching for the Packages.php file:

.htaccess file
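# AllowOverride is only accepted inside a <Directory> section of the server
# config; in a .htaccess file Apache rejects it, so it is commented out here.
# AllowOverride None
order allow,deny
deny from all

# Keep clients from reading the .htaccess file itself.
<Files .htaccess>
order allow,deny
deny from all
</Files>

# Block direct requests for the script.
<Files Packages.php>
order allow,deny
deny from all
</Files>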

The first one is more than efficient, BUT I was able to still get to the script. The second set won't allow a hacker to read the .htaccess file.

The third blocks access to the script itself, and this fourth one: if people have access to their raw Apache logs they can run this.

By the way these are crackers in this list.

order allow,deny
deny from 66.147.154.3
deny from 200.221.142.107
deny from 200.180.112.60
deny from 200.228.23.130
deny from 212.159.68.103
deny from 64.140.49.66
deny from 213.241.68.46
deny from 200.149.32.101
deny from 66.109.34.67
deny from 68.36.170.254
allow from all
Logged
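
The raw-log check mentioned in the post above, as an added example that is not part of the original thread: it lists the clients that requested Packages.php and prints one `deny from` line per address. It assumes Common or Combined Log Format; the function names `sample_log` and `packages_probe_denies` are hypothetical, and the sample log lines are constructed with documentation-range addresses.

```shell
#!/bin/sh
# Added example: turn Packages.php probes found in an Apache access log
# into "deny from" lines for .htaccess.

# Constructed sample in Common Log Format; the addresses come from the
# documentation ranges (RFC 5737) and are not real offenders.
sample_log() {
cat <<'EOF'
192.0.2.10 - - [26/Feb/2003:13:01:02 -0500] "GET /forum/Packages.php HTTP/1.0" 403 210
192.0.2.10 - - [26/Feb/2003:13:01:05 -0500] "GET /forum/packages.php?x=1 HTTP/1.0" 403 210
198.51.100.7 - - [26/Feb/2003:13:02:11 -0500] "GET /forum/index.php HTTP/1.1" 200 5120
203.0.113.44 - - [26/Feb/2003:13:03:40 -0500] "POST /forum/Packages.php HTTP/1.0" 403 210
203.0.113 - - [26/Feb/2003:13:04:00 -0500] "GET /forum/Packages.php HTTP/1.0" 403 210
host.example.net - - [26/Feb/2003:13:05:00 -0500] "GET /Packages.php HTTP/1.0" 404 199
EOF
}

# Usage: packages_probe_denies [MIN_HITS] < access_log
# Prints "deny from <ip>" for each full IPv4 client with at least MIN_HITS
# requests whose path ends in Packages.php (case-insensitive, any method).
packages_probe_denies() {
    awk -v min="${1:-1}" '
    {
        ip = $1; path = $7
        sub(/\?.*/, "", path)              # drop the query string
        if (tolower(path) !~ /\/packages\.php$/) next
        # Accept only a complete dotted quad: a partial address such as
        # "203.0.113" in a deny line would block the whole range.
        if (ip !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) next
        hits[ip]++
    }
    END { for (ip in hits) if (hits[ip] >= min) print "deny from " ip }
    ' | sort
}

# Demo run on the constructed sample (threshold of one request).
sample_log | packages_probe_denies 1
```

Raising MIN_HITS keeps a single stray request from producing a ban, and entries logged as hostnames or partial addresses are skipped rather than turned into range-wide deny lines.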

iamdamnsam
Full Member
***
Posts: 225


RamchargerCentral.Com


WWW
Re:SECURITY FIX! Users using any version prior to 1.5.1
« Reply #171 on: February 28, 2003, 04:36:33 PM »

I very much recommend going to 1.5.1 if you want full security.

-[Unknown]

That is not an option till a very stable release that is worth the effort for me to hack is out.  My board is extremely modded, and not with basic mods, almost all mods are custom. I have many features related to my site that run off of YaBB's template system and member base.

So every version before 1.51 is open to hackers?
Logged

RamchargerCentral.Com
http://ramchargercentral.com
[Unknown]
Global Moderator
YaBB God
*****
Posts: 7830



WWW
Re:SECURITY FIX! Users using any version prior to 1.5.1
« Reply #172 on: February 28, 2003, 05:11:12 PM »

I very much recommend going to 1.5.1 if you want full security.

-[Unknown]

That is not an option till a very stable release that is worth the effort for me to hack is out.  My board is extremely modded, and not with basic mods, almost all mods are custom. I have many features related to my site that run off of YaBB's template system and member base.

So every version before 1.51 is open to hackers?

Yes.  Please apply as many of the fixes as you can manage.

-[Unknown]
Logged
Tilton53
Jr. Member
**
Posts: 73


I'm a llama!


Re:Security Fix! Users using any version prior to 1.5.1
« Reply #173 on: May 06, 2003, 12:36:23 AM »

How the hell did the fact that the isadmin came after include let a hacker into the website?
Logged
[Unknown]
Global Moderator
YaBB God
*****
Posts: 7830



WWW
Re:Security Fix! Users using any version prior to 1.5.1
« Reply #174 on: May 06, 2003, 03:24:14 AM »

How the hell did the fact that the isadmin came after include let a hacker into the website?

Sorry, can't say.  And I'll delete anyone's post who tries.

-[Unknown]
Logged
Tilton53
Jr. Member
**
Posts: 73


I'm a llama!


Re:Security Fix! Users using any version prior to 1.5.1
« Reply #175 on: May 06, 2003, 01:27:35 PM »

Somebody pls PM me then why it was so important. I am a PHP newbie and this might help me later!
Logged
Omar Bazavilvazo
YaBB SE Developer
YaBB God
*****
Posts: 2153


I never said I would stay to the end...


WWW
Re:Security Fix! Users using any version prior to 1.5.1
« Reply #176 on: May 06, 2003, 02:12:47 PM »

just apply the fix, then upgrade to 1.5.2, and all will be working perfect.
Logged

Greetings from México!
http://OmarBazavilvazo.com
My Spanish-Japanese forum
http://HablaJapones.org
http://hablajapones.org/index.php/japones/tutoriales/b16.php

Do NOT send me IMs for support or questions
...I read the forums like everyone else...
David
Destroyer Dave
Global Moderator
YaBB God
*****
Posts: 5761


I'm not a llama!


WWW
Re:Security Fix! Users using any version prior to 1.5.1
« Reply #177 on: May 24, 2003, 12:29:22 AM »

Everyone should be upgrading to 1.5.3.
Logged
